forked from opensearch-project/security-analytics
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
Showing
22 changed files
with
858 additions
and
36 deletions.
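--- a/...pensearch/securityanalytics/threatIntel/action/monitor/IndexThreatIntelMonitorAction.java
+++ b/...pensearch/securityanalytics/threatIntel/action/monitor/IndexThreatIntelMonitorAction.java
@@ -0,0 +1,17 @@
+package org.opensearch.securityanalytics.threatIntel.action.monitor;
+
+import org.opensearch.action.ActionType;
+import org.opensearch.securityanalytics.threatIntel.action.monitor.response.IndexThreatIntelMonitorResponse;
+
+import static org.opensearch.securityanalytics.threatIntel.sacommons.monitor.ThreatIntelMonitorActions.INDEX_THREAT_INTEL_MONITOR_ACTION_NAME;
+
+
+public class IndexThreatIntelMonitorAction extends ActionType<IndexThreatIntelMonitorResponse> {
+
+public static final IndexThreatIntelMonitorAction INSTANCE = new IndexThreatIntelMonitorAction();
+public static final String NAME = INDEX_THREAT_INTEL_MONITOR_ACTION_NAME;
+
+private IndexThreatIntelMonitorAction() {
+super(NAME, IndexThreatIntelMonitorResponse::new);
+}
+}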
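Review bot: `INSTANCE` is declared above `NAME`, so the private constructor runs `super(NAME, ...)` before `NAME`'s initializer is reached in textual order. That is harmless only while `INDEX_THREAT_INTEL_MONITOR_ACTION_NAME` is a compile-time constant that the compiler inlines; its declaration is not visible in this section, and if it is or becomes a computed value the action would be constructed with a null name. The name is the string the action is registered under (and, presumably, the one permission rules are matched against), so it should not depend on that detail: move `public static final String NAME = INDEX_THREAT_INTEL_MONITOR_ACTION_NAME;` above the `INSTANCE` line.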
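--- a/...g/opensearch/securityanalytics/threatIntel/action/monitor/IocScanMonitorFanOutAction.java
+++ b/...g/opensearch/securityanalytics/threatIntel/action/monitor/IocScanMonitorFanOutAction.java
@@ -0,0 +1,19 @@
+package org.opensearch.securityanalytics.threatIntel.action.monitor;
+
+import org.opensearch.action.ActionType;
+import org.opensearch.commons.alerting.action.DocLevelMonitorFanOutResponse;
+import org.opensearch.core.common.io.stream.Writeable;
+
+/**
+* Ioc Scan Monitor fan out action that distributes the monitor runner logic to mutliple data node.
+*/
+public class IocScanMonitorFanOutAction extends ActionType<DocLevelMonitorFanOutResponse> {
+/**
+* @param name The name of the action, must be unique across actions.
+* @param docLevelMonitorFanOutResponseReader A reader for the response type
+*/
+public IocScanMonitorFanOutAction(String name, Writeable.Reader<DocLevelMonitorFanOutResponse> docLevelMonitorFanOutResponseReader) {
+super(name, docLevelMonitorFanOutResponseReader);
+}
+
+}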
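Review bot: The public constructor of `IocScanMonitorFanOutAction` lets every caller choose the action name, unlike `IndexThreatIntelMonitorAction` in this commit, which fixes its name through a private constructor and `INSTANCE`/`NAME`. The name is what the action is registered and looked up under, so leaving it open means the fan-out can end up registered under a string that was never reviewed or covered by a permission rule. Consider a `public static final String NAME`, a `public static final ... INSTANCE` and a private no-argument constructor, assuming no caller outside this section needs a custom name. The class Javadoc also has a typo and could read `Ioc scan monitor fan-out action that distributes the monitor runner logic to multiple data nodes.`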
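--- a/.../securityanalytics/threatIntel/action/monitor/request/IndexThreatIntelMonitorRequest.java
+++ b/.../securityanalytics/threatIntel/action/monitor/request/IndexThreatIntelMonitorRequest.java
@@ -0,0 +1,59 @@
+package org.opensearch.securityanalytics.threatIntel.action.monitor.request;
+
+import org.opensearch.action.ActionRequest;
+import org.opensearch.action.ActionRequestValidationException;
+import org.opensearch.core.common.io.stream.StreamInput;
+import org.opensearch.core.common.io.stream.StreamOutput;
+import org.opensearch.rest.RestRequest;
+import org.opensearch.securityanalytics.threatIntel.sacommons.monitor.IndexTIFSourceConfigRequestInterface;
+import org.opensearch.securityanalytics.threatIntel.sacommons.monitor.ThreatIntelMonitorDto;
+
+import java.io.IOException;
+
+public class IndexThreatIntelMonitorRequest extends ActionRequest implements IndexTIFSourceConfigRequestInterface {
+
+public static final String THREAT_INTEL_MONITOR_ID = "threat_intel_monitor_id";
+
+private final String id;
+private final RestRequest.Method method;
+private final ThreatIntelMonitorDto threatIntelMonitor;
+
+public IndexThreatIntelMonitorRequest(String id, RestRequest.Method method, ThreatIntelMonitorDto threatIntelMonitor) {
+super();
+this.id = id;
+this.method = method;
+this.threatIntelMonitor = threatIntelMonitor;
+}
+
+public IndexThreatIntelMonitorRequest(StreamInput sin) throws IOException {
+this(
+sin.readString(),
+sin.readEnum(RestRequest.Method.class), // method
+ThreatIntelMonitorDto.readFrom(sin)
+);
+}
+
+@Override
+public void writeTo(StreamOutput out) throws IOException {
+out.writeString(id);
+out.writeEnum(method);
+threatIntelMonitor.writeTo(out);
+}
+
+@Override
+public ActionRequestValidationException validate() {
+return null;
+}
+
+public String getId() {
+return id;
+}
+
+public RestRequest.Method getMethod() {
+return method;
+}
+
+public ThreatIntelMonitorDto getThreatIntelMonitor() {
+return threatIntelMonitor;
+}
+}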
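Review bot: `validate()` returns `null` unconditionally, so a request with a null `id`, `method` or `threatIntelMonitor` passes validation and only fails later, as a NullPointerException in `writeTo` (`out.writeString(id)`, `out.writeEnum(method)`, `threatIntelMonitor.writeTo(out)`) when the request is serialised. This is the request that creates or updates a threat intel monitor, so malformed input should be rejected here with a validation error rather than reaching the transport handler. The sketch below uses the static helper `ValidateActions.addValidationError` from `org.opensearch.action`, which would need an import. Whether an empty `id` is legal for creation is not visible in this section, so only null is rejected.

```java
@Override
public ActionRequestValidationException validate() {
    ActionRequestValidationException validationException = null;
    if (id == null) {
        validationException = ValidateActions.addValidationError("id is missing", validationException);
    }
    if (method == null) {
        validationException = ValidateActions.addValidationError("method is missing", validationException);
    }
    if (threatIntelMonitor == null) {
        validationException = ValidateActions.addValidationError("threat intel monitor is missing", validationException);
    }
    return validationException;
}
```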
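--- a/...ecurityanalytics/threatIntel/action/monitor/response/IndexThreatIntelMonitorResponse.java
+++ b/...ecurityanalytics/threatIntel/action/monitor/response/IndexThreatIntelMonitorResponse.java
@@ -0,0 +1,89 @@
+package org.opensearch.securityanalytics.threatIntel.action.monitor.response;
+
+import org.opensearch.core.action.ActionResponse;
+import org.opensearch.core.common.io.stream.StreamInput;
+import org.opensearch.core.common.io.stream.StreamOutput;
+import org.opensearch.core.xcontent.ToXContent;
+import org.opensearch.core.xcontent.ToXContentObject;
+import org.opensearch.core.xcontent.XContentBuilder;
+import org.opensearch.securityanalytics.threatIntel.sacommons.monitor.IndexIocScanMonitorResponseInterface;
+import org.opensearch.securityanalytics.threatIntel.sacommons.monitor.ThreatIntelMonitorDto;
+
+import java.io.IOException;
+
+/**
+* Response obect resturned for request that indexes ioc scan monitor
+*/
+public class IndexThreatIntelMonitorResponse extends ActionResponse implements ToXContentObject, IndexIocScanMonitorResponseInterface {
+private static final String ID = "id";
+private static final String NAME = "version";
+private static final String SEQ_NO = "seq_no";
+private static final String PRIMARY_TERM = "primary_term";
+private static final String MONITOR = "monitor";
+
+private final String id;
+private final long version;
+private final long seqNo;
+private final long primaryTerm;
+private final ThreatIntelMonitorDto iocScanMonitor;
+
+public IndexThreatIntelMonitorResponse(String id, long version, long seqNo, long primaryTerm, ThreatIntelMonitorDto monitor) {
+this.id = id;
+this.version = version;
+this.seqNo = seqNo;
+this.primaryTerm = primaryTerm;
+this.iocScanMonitor = monitor;
+}
+
+public IndexThreatIntelMonitorResponse(StreamInput sin) throws IOException {
+this(
+sin.readString(),
+sin.readLong(), // version
+sin.readLong(), // seqNo
+sin.readLong(), // primaryTerm
+ThreatIntelMonitorDto.readFrom(sin) // monitor
+);
+}
+
+@Override
+public void writeTo(StreamOutput out) throws IOException {
+out.writeString(id);
+out.writeLong(version);
+out.writeLong(seqNo);
+out.writeLong(primaryTerm);
+iocScanMonitor.writeTo(out);
+}
+
+@Override
+public XContentBuilder toXContent(XContentBuilder builder, ToXContent.Params params) throws IOException {
+return builder.startObject()
+.field(ID, id)
+.field(NAME, version)
+.field(SEQ_NO, seqNo)
+.field(PRIMARY_TERM, primaryTerm)
+.field(MONITOR, iocScanMonitor)
+.endObject();
+}
+
+@Override
+public String getId() {
+return id;
+}
+
+public Long getVersion() {
+return version;
+}
+
+public long getSeqNo() {
+return seqNo;
+}
+
+public long getPrimaryTerm() {
+return primaryTerm;
+}
+
+@Override
+public ThreatIntelMonitorDto getIocScanMonitor() {
+return iocScanMonitor;
+}
+}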
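Review bot: The field-name constant `NAME` holds `"version"` and is used as `.field(NAME, version)` in `toXContent`, which reads as if a name were being serialised and invites a wrong key the next time a real name field is added. Rename it: `private static final String VERSION = "version";` and `.field(VERSION, version)`. `getVersion()` returns a boxed `Long` while the field and the sibling getters use `long`; `public long getVersion()` would match, unless an interface outside this section requires `Long`. The class Javadoc has typos and could read `Response object returned for a request that indexes an IOC scan monitor.`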